Inherits org.sleuthkit.datamodel.AbstractContent.

Public Member Functions
void	close ()

void	finalize () throws Throwable

long	getBlock_count ()

long	getBlock_size ()

long	getFirst_inum ()

TskData.TSK_FS_TYPE_ENUM	getFsType ()

long	getImageOffset ()

long	getLastInum ()

long	getRoot_inum ()

Directory	getRootDirectory () throws TskCoreException

long	getSize ()

int	read (byte[] buf, long offset, long len) throws TskCoreException

String	toString (boolean preserveState)

Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent
boolean	equals (Object obj)

Score	getAggregateScore () throws TskCoreException

List< AnalysisResult >	getAllAnalysisResults () throws TskCoreException

ArrayList< BlackboardArtifact >	getAllArtifacts () throws TskCoreException

long	getAllArtifactsCount () throws TskCoreException

List< DataArtifact >	getAllDataArtifacts () throws TskCoreException

List< AnalysisResult >	getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException

ArrayList< BlackboardArtifact >	getArtifacts (String artifactTypeName) throws TskCoreException

ArrayList< BlackboardArtifact >	getArtifacts (int artifactTypeID) throws TskCoreException

ArrayList< BlackboardArtifact >	getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException

long	getArtifactsCount (String artifactTypeName) throws TskCoreException

long	getArtifactsCount (int artifactTypeID) throws TskCoreException

long	getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException

List< Content >	getChildren () throws TskCoreException

int	getChildrenCount () throws TskCoreException

List< Long >	getChildrenIds () throws TskCoreException

Content	getDataSource () throws TskCoreException

BlackboardArtifact	getGenInfoArtifact () throws TskCoreException

BlackboardArtifact	getGenInfoArtifact (boolean create) throws TskCoreException

ArrayList< BlackboardAttribute >	getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException

Set< String >	getHashSetNames () throws TskCoreException

long	getId ()

String	getName ()

Content	getParent () throws TskCoreException

Optional< Long >	getParentId () throws TskCoreException

SleuthkitCase	getSleuthkitCase ()

String	getUniquePath () throws TskCoreException

boolean	hasChildren () throws TskCoreException

int	hashCode ()

AnalysisResultAdded	newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException

AnalysisResultAdded	newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException

BlackboardArtifact	newArtifact (int artifactTypeID) throws TskCoreException

BlackboardArtifact	newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException

DataArtifact	newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException

DataArtifact	newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException

DataArtifact	newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException

String	toString ()

String	toString (boolean preserveState)

Public Member Functions inherited from org.sleuthkit.datamodel.Content
long	getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException

ArrayList< BlackboardAttribute >	getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException

Protected Member Functions
	FileSystem (SleuthkitCase db, long obj_id, String name, long img_offset, TskData.TSK_FS_TYPE_ENUM fs_type, long block_size, long block_count, long root_inum, long first_inum, long last_inum)

Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent
	AbstractContent (SleuthkitCase db, long obj_id, String name)

Additional Inherited Members
Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent
static final long	UNKNOWN_ID = -1

Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent
long	parentId

Detailed Description

Represents a file system object stored in tsk_fs_info table FileSystem has a parent content object (volume or image) and children content objects (files and directories) and fs-specific attributes. The object also maintains a handle to internal file-system structures and the handle is reused across reads.

Definition at line 31 of file FileSystem.java.

Constructor & Destructor Documentation

org.sleuthkit.datamodel.FileSystem.FileSystem	(	SleuthkitCase	db,
		long	obj_id,
		String	name,
		long	img_offset,
		TskData.TSK_FS_TYPE_ENUM	fs_type,
		long	block_size,
		long	block_count,
		long	root_inum,
		long	first_inum,
		long	last_inum
	)

protected

Constructor most inputs are from the database

Parameters

db	the case handle
obj_id	the unique object id
name	filesystem name
img_offset	image offset
fs_type	filesystem type
block_size	block size in this fs
block_count	number of blocks in this fs
root_inum	the root inum
first_inum	the first inum
last_inum	the last inum

Definition at line 53 of file FileSystem.java.

Member Function Documentation

void org.sleuthkit.datamodel.FileSystem.close ( )

Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.

Implements org.sleuthkit.datamodel.Content.

Definition at line 67 of file FileSystem.java.

void org.sleuthkit.datamodel.FileSystem.finalize ( ) throws Throwable

Definition at line 205 of file FileSystem.java.

long org.sleuthkit.datamodel.FileSystem.getBlock_count ( )

Get the number of blocks

Returns: block count

Definition at line 172 of file FileSystem.java.

long org.sleuthkit.datamodel.FileSystem.getBlock_size ( )

Get the block size

Returns: block size

Definition at line 163 of file FileSystem.java.

long org.sleuthkit.datamodel.FileSystem.getFirst_inum ( )

Get the first inum in this file system

Returns: first inum

Definition at line 190 of file FileSystem.java.

TskData.TSK_FS_TYPE_ENUM org.sleuthkit.datamodel.FileSystem.getFsType ( )

Get the file system type

Returns: enum value of fs type

Definition at line 154 of file FileSystem.java.

long org.sleuthkit.datamodel.FileSystem.getImageOffset ( )

Get the byte offset of this file system in the image

Returns: offset

Definition at line 145 of file FileSystem.java.

long org.sleuthkit.datamodel.FileSystem.getLastInum ( )

Get the last inum

Returns: last inum

Definition at line 199 of file FileSystem.java.

long org.sleuthkit.datamodel.FileSystem.getRoot_inum ( )

Get the inum of the root directory

Returns: Root metadata address of the file system

Definition at line 181 of file FileSystem.java.

Referenced by org.sleuthkit.datamodel.FsContent.isRoot().

Directory org.sleuthkit.datamodel.FileSystem.getRootDirectory ( ) throws TskCoreException

Definition at line 126 of file FileSystem.java.

References org.sleuthkit.datamodel.AbstractContent.getChildren().

long org.sleuthkit.datamodel.FileSystem.getSize ( )

Get the (reported) size of the content object and, in theory, how much you should be able to read from it. In some cases, data corruption may mean that you cannot read this much data.

Returns: size of the content in bytes

Implements org.sleuthkit.datamodel.Content.

Definition at line 81 of file FileSystem.java.

int org.sleuthkit.datamodel.FileSystem.read	(	byte[]	buf,
		long	offset,
		long	len
	)		throws TskCoreException

Reads data that this content object is associated with (file contents, volume contents, etc.).

Parameters

buf	a character array of data (in bytes) to copy read data to
offset	byte offset in the content to start reading from
len	number of bytes to read into buf.

Returns: num of bytes read, or -1 on error

Exceptions

TskCoreException if critical error occurred during read in the tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 72 of file FileSystem.java.

References org.sleuthkit.datamodel.AbstractContent.getDataSource(), and org.sleuthkit.datamodel.SleuthkitJNI.readFs().

String org.sleuthkit.datamodel.FileSystem.toString ( boolean preserveState )

Definition at line 227 of file FileSystem.java.

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/sleuthkit/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java

Public Member Functions

Protected Member Functions

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation